如何在 API 模式下的 Rails 应用程序中实现 JWT 身份验证

Question

I have a Rails app that is in API mode.

Are there any gems that provide simple JWT authentication?

Answer 1

Yup, the standard JWT gem is great. Just add it to your gemfile:

gem 'jwt'

Then I use it as a concern that I can include like:

module JWTAuthenticatable
  extend ActiveSupport::Concern

  included do

    before_action :authenticate_and_restrict_access, if: -> { %w[json csv].include? request.format }

    rescue_from JWT::DecodeError,                   with: :invalid_token
    rescue_from JWT::ExpiredSignature,              with: :expired_token

    def authenticate_and_restrict_access
      return if current_user

      authenticate_or_request_with_http_token do |authentication_token|
        data = JSONWebToken.decode(authentication_token)
        sign_in User.find(data[:id]), store: false
      end

      authenticate_user! if !current_user and request.format == 'html'
    end

    def invalid_token
      render json: { errors: 'api.invalid_token' }, status: :unauthorized
    end

    def expired_token
      render json: { errors: 'api.expired_token' }, status: :unauthorized
    end
  end
end

You should be able to tailor this to your needs.

Answer 2

1. use devise-jwt
   
2. here is an article I have written including all code you may need and GitHub repo that has a working code